presentation-exchange
[Implementation Guide] - JSON Path deps
- colby pointed out today that the recommended kotlin lib removes "in-path functions" -
- is that a problem? will that make holders throw when interacting with an eval-happy verifier? ongoing discussion about how implementations with very-liberal and very-locked-down security policies re: filter expressions can gracefully interact without just dropping or throwing
- [ ] decision taken on this week's call to figure out some reasonable guidance on constraining/sandboxing JSONPath and auditing recommended libraries against that guidance before putting back in
- [ ] decision taken on this week's call to remove impl recommendations and [carefully] put back in to future implementation guide
I would broaden this question to the whole Developer Resources section
edited original message and issue name accordingly 💪
Discussed on today's call:
- [x] ~~removing JSONPath or replacing it with JSONPointer or another way to evaluate DSL strings would be a v3 change (will open a separate tracking v3 issue)~~ #430
- [ ] add 2 yellow "warning boxes" to v2.1 mentioning that 1.) only use libraries with a static-only eval mode and 2.) "script extensions" are a very bad idea and will harm interop with more secure PE
- [x] v2.1 should remove all Impl Resource library recommendations that we have not audited to support the suggested best practices above
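The static-only rule discussed above can be enforced before a path ever reaches a JSONPath library, so a locked-down implementation can report which paths it declines instead of throwing mid-evaluation. This is an added example, not part of the thread or of the Presentation Exchange repository; the accepted path subset, the names `classifyPath` and `auditDefinition`, and the sample definition are assumptions made for illustration.

```javascript
// Added example. The accepted subset is an assumption, not text from the PE spec:
// "$" followed only by child names, recursive descent, wildcards and indices.
const SEGMENT = new RegExp([
  String.raw`\.\.?[A-Za-z_@][\w@-]*`, // .name or ..name
  String.raw`\.\.?\*`,                // .* or ..*
  String.raw`\[\d+\]`,                // [0]
  String.raw`\[\*\]`,                 // [*]
  String.raw`\['[^'\\]*'\]`,          // ['name']
  String.raw`\["[^"\\]*"\]`,          // ["name"]
].join('|'), 'y');

// Returns 'static', or the reason the path needs more than static evaluation.
function classifyPath(path) {
  if (typeof path !== 'string' || path[0] !== '$') return 'unsupported';
  let pos = 1;
  while (pos < path.length) {
    SEGMENT.lastIndex = pos;
    if (!SEGMENT.test(path)) {
      const rest = path.slice(pos);
      if (rest.startsWith('[?')) return 'filter';   // [?(@.x == 1)]
      if (rest.startsWith('[(')) return 'script';   // [(@.length-1)]
      if (rest.startsWith('(')) return 'function';  // in-path call such as .length()
      return 'unsupported';
    }
    pos = SEGMENT.lastIndex;
  }
  return 'static';
}

// Walks input_descriptors[].constraints.fields[].path[] of a presentation definition.
function auditDefinition(pd) {
  const findings = [];
  for (const d of pd.input_descriptors ?? []) {
    for (const field of d.constraints?.fields ?? []) {
      for (const path of field.path ?? []) {
        const kind = classifyPath(path);
        if (kind !== 'static') findings.push({ descriptor: d.id, path, kind });
      }
    }
  }
  return findings;
}

// Constructed sample definition (not taken from the spec or from any issuer).
const samplePd = { id: 'example-pd', input_descriptors: [
  { id: 'age_check', constraints: { fields: [
    { path: ['$.credentialSubject.dob', '$.vc.credentialSubject.dob'] },
    { path: ["$.credentials[?(@.type == 'x')].id"] } ] } },
  { id: 'count_check', constraints: { fields: [
    { path: ['$.vc.credentialSubject.licenses.length()'] } ] } } ] };
console.log(auditDefinition(samplePd));
```

The classifier is an allowlist: anything it cannot parse as a static segment is rejected, so a library-specific extension that is not listed here still fails closed as `unsupported`.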
@rado0x54 how can we help you, ser
@bumblefudge Terribly sorry ser, I thought this issue was done, since ALL implementation recommendations have been removed in #438. So good to close?